Hackers

Critical unfixed flaws affect ABB Safety PLC Gateways (18 December 2018)
Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life. The security firm published a security advisory that provides …

Malware controlled through commands hidden in memes posted on Twitter (18 December 2018)
New Malware Takes Commands From Memes Posted On Twitter Security researchers at Trend Micro have spotted a new strain of malware that retrieved commands from memes posted on a Twitter account controlled by the attackers. In this way, attackers make it hard to detect traffic associated with the malware, which in this case appears as legitimate Twitter traffic. The use of legitimate web services to co …

Twitter uncovered a possible nation-state attack (18 December 2018)
Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state …

Czech cyber-security agency warns over Huawei, ZTE security threat (18 December 2018)
A Czech cyber-security agency is warning against using Huawei and ZTE technologies because they pose a threat to state security. The Chinese nightmare is rapidly spreading among European countries, now a Czech cyber-security agency is warning against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. “The main issue is a legal and p …

A second sample of the Shamoon V3 wiper analyzed by the experts (17 December 2018)
A second sample of the Shamoon wiper was uploaded to Virus total on December 13, from the Netherlands, experts analyzed it. Last week security experts at Chronicle announced the discovery of a new variant of the infamous Shamoon malware, the sample was uploaded to Virus Total from Italy at around the time Italian oil services company Saipem announced to have suffered a cyber attack. Over …

Decrypting HiddenTear Ransomware for free with HT Brute Forcer (17 December 2018)
Good news for the victims of the dreaded HiddenTear Ransomware, the popular cybersecurity expert Michael Gillespie has devised a tool dubbed HT Brute Forcer that could allow decrypting files for free. In 2015, the Turkish security researchers Utku Sen published the HiddenTear ransomware, the first open source ransomware, for educational purposes. The original code was decryptable, for this reason, …

Siemens addresses multiple critical flaws in SINUMERIK Controllers (17 December 2018)
Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues. Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as “critical.” The list of vulnerabilities includes DoS, privilege escalation and code execution flaws. Security experts at Kaspersky Lab disc …

US ballistic missile defense systems (BMDS) open to cyber attacks (16 December 2018)
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implement cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate cybersecurity for the protection of the United States’ ba …

Security Affairs newsletter Round 192 – News of the week (16 December 2018)
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! STOLEN PENCIL campaign, hackers target academic institutions. WordPress botnet composed of +20k installs targets other sites …

Twitter fixed bug could have exposed Direct Messages to third-party apps (16 December 2018)
Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol. The expert discovered that some permissions such as that to access direct messages, remained hidden to the Twitter us …

The Hackers News

Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach (18 December 2018)
Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack. In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information. The impacted …

New Malware Takes Commands From Memes Posted On Twitter (18 December 2018)
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their …

New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps (14 December 2018)
Facebook’s latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users’ private photos which they never shared on their timeline, including images uploaded …

New Shamoon Malware Variant Targets Italian Oil and Gas Company (14 December 2018)
Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia’s largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, …

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada (14 December 2018)
"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building" A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and police response. The bomb threat emails were apparently sent by spammers, threatening people that …

Adobe's Year-End Update Patches 87 Flaws in Acrobat Software (12 December 2018)
Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of …

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack (12 December 2018)
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being …

phpMyAdmin Releases Critical Software Update — Patch Your Sites Now! (11 December 2018)
Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The phpMyAdmin project last Sunday gave an early heads-up about the latest security update through its …

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users (10 December 2018)
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+’s People APIs that could have allowed developers to steal private …

Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know (7 December 2018)
Australia’s House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national …

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs (6 December 2018)
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute …

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers (5 December 2018)
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who …

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs (6 December 2018)
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour. What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin. Instead, the attacker is …

Microsoft building Chrome-based browser to replace Edge on Windows 10 (4 December 2018)
It is no secret how miserably Microsoft’s 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements. According to the latest round of tech rumors, Microsoft has given up on Edge and reportedly building a new Chromium-based web browser, dubbed project codename "Anaheim" internally, that will replace Edge on Windows 10 …

Quora Gets Hacked – 100 Million Users Data Stolen (4 December 2018)
The World’s most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its …

Become a Certified Hacker With This Hands-On Training Course (18 December 2018)
It seems as though not a day goes by without news spreading over another major cyber attack. Hackers are becoming increasingly efficient at targeting everything from small startups to Fortune 500 companies and even entire government agencies, and as the world moves further away from traditional types of warfare and more toward engaging in all-out cyber warfare, these attacks are only going to …

Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel (1 December 2018)
This may sound crazy, but it’s true! The war for "most-subscribed Youtube channel" crown between T-Series and PewDiePie just took an interesting turn after a hacker yesterday hijacked more than 50,000 internet-connected printers worldwide to print out flyers asking everyone to subscribe to PewDiePie YouTube channel. PewDiePie, whose real name is Felix Kjellberg, is a famous YouTuber from …

A first look at Windows Sandbox (19 December 2018)
Windows Sandbox is a new virtualization feature that Microsoft will integrate in Windows 10. Windows Sandbox allows users and administrators to run software in a sandbox so that it cannot harm the underlying system. Sandboxing is not a new concept but users had to resort to installing third-party solutions like Sandboxie or virtual machines such as VMWare or VirtualBox in the past to run software …

Ghacks Deals: The Complete Robotics eBook Bundle (90% off) (18 December 2018)
The Complete Robotics eBook Bundle gives you lifetime access to five eBooks about robotics. The books focus on ROS Robotics, a popular open source operating system for robots. The books are designed for users of all experience levels and available for just $19 for a limited period on Ghacks Deals. The bundle includes the following ebooks: ROS Robotics Projects –Master the Robot Operation System B …

Google will take action against website history manipulation (18 December 2018)
Chromium developers plan to integrate functionality in Chromium that protects against history manipulation by websites. History manipulation refers to sites adding pages to the browsing history, e.g. in the form of a number of redirects, when a user accesses a page on a site to make it more difficult to go back to the previous page or forward to the next. Usually, what happens is that activating b …

Windows 10 version 1809 available for "advanced users" (18 December 2018)
The latest feature update for Windows 10, Windows 10 version 1809 — The October 2018 Update — is now available for "advanced users" according to Microsoft. Microsoft started the rollout of the feature update in early October 2018 but pulled it from Windows Update and other updating tools shortly thereafter because of a data loss bug. A large number of other issues came to light in the weeks that …

Video Speed Controller for Google Chrome (18 December 2018)
Video Speed Controller is a free browser extension for the Google Chrome web browser and compatible browsers that gives you better video playback controls. The extension seems to be related to the Firefox extension Video Speed Controller which we reviewed earlier this year. Most video streaming sites offer basic playback controls only; you can stop playback, skip to the next video, change the audi …

Manage SendTo menu items in Windows (17 December 2018)
SendTo Menu Editor is a freeware for all supported versions of Microsoft’s Windows operating system that you may use to manage SendTo menu items. Windows Explorer and File Explorer include a SendTo option by default; the menu is displayed when users right-click on files or folders in Explorer. It offers options to send the selection to another location or to process it in some way depending on its …

Remove Backgrounds from Photos automatically (17 December 2018)
Remove.bg is a new free online service that you may use to remove the background of photos automatically that you upload to the service. Sometimes, you may want to remove background noise from an image, for instance to copy an object without the background as part of a collage. The manual approach to remove background from a photo is certainly the most accurate option but it requires a certain set …

BlackViperScript: make bulk changes to the Windows 10 Service configuration (17 December 2018)
BlackViperScript is a PowerShell script to make bulk changes to the Service configuration of Windows 10 PCs based on Black Viper’s Services suggestions. Black Viper published service configurations for several versions of Windows; these configurations suggested certain states for services based on use cases. He stopped updating Service configurations in April 2018 but the information is still usef …

Is Microsoft deprecating the People feature in Windows 10? (17 December 2018)
Microsoft introduced a feature that it called My People back in 2017 in Insider Builds of the then-upcoming Fall Creators Update feature update for Windows 10. Windows 10 users could pin contacts to the Windows 10 taskbar for quick access to these contacts; communication apps that support My People could be assigned to contacts to communication quickly, and it was even possible to view chats from …

Most Internet users still prefer weak passwords over secure ones (16 December 2018)
If you are a reader of this blog you know that it is essential to use unique and strong passwords for any online or offline service that you use. Most use a password manager for that; either one that integrates in the browser and stores data in the cloud, e.g. LastPass or 1Password, a hybrid like Bitwarden, or a local password manager like KeePass that stores data locally and may also be integrate …

blackMORE Ops

Inception Attackers Target Europe with Year-old Office Vulnerability (14 December 2018)
The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu …

Brute Force Attacks Conducted by Cyber Actors (13 December 2018)
In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as … The post Brute Force Attacks Conducted …

Avoiding Web Application Firewall using Python (21 November 2018)
Web application firewalls are usually placed in front of the web server to filter the malicious traffic coming towards the server. If you are hired as a penetration tester for some company and they forgot to tell you that they are using a web application firewall, then you might get into a serious mess. The figure below depicts … The post Avoiding Web Application Firewall using Python appeared first …

Targeting websites with Password Reset Poisoning (20 November 2018)
Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify …

Cyber Actors Target Home and Office Routers and Networked Devices Worldwide (19 November 2018)
DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions … Th …

Automatically crack WiFi password with besside-ng (14 November 2018)
besside-ng is a tool like Wesside-ng but it also supports WPA encryption. It will automatically crack all the WEP networks in range and log the WPA handshakes. WPA handshakes captured can be uploaded to the online cracking service at Darkircop.org (Besside-ng Companion) to attempt to get the password and where provides useful statistics based on … The post Automatically crack WiFi password wi …

Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab (13 November 2018)
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in … The post Setting up Damn Vulnerable Web A …

CYBERFORCE Profile Series: Transforming Technical Conversations with a Best Practice Assessment (12 November 2018)
This is the first in a series of blogs featuring a Palo Alto Networks CYBERFORCE Engineer and the business challenges they tackle. CYBERFORCE recognizes the best-of-the-best from the NextWave Partner Community; proven partner engineers who put the customer first, are trusted for their security expertise, and focus on preventing successful cyberattacks Meet Chris, CYBERFORCE Hero … The post C …

HIDDEN COBRA – FASTCash Campaign targeting banks (10 November 2018)
Since at least late 2016, HIDDEN COBRA actors have used FASTCash tactics to target banks in Africa and Asia. At the time of this TA’s publication, the U.S. Government has not confirmed any FASTCash incidents affecting institutions within the United States. FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. … The post HI …